Closed Bug 743636 Opened 12 years ago Closed 5 years ago

Hang (eventual crash) with many nested <svg> and <use> elements

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1531333

People

(Reporter: sachinshinde11, Unassigned)

Details

(4 keywords, Whiteboard: [external-report])

Attachments

(2 files)

svg apphang/crash dos 12 years ago sachin shinde 615.41 KB, image/svg+xml		Details
simplified-testcase.html 5 years ago violet.bugreport 1.68 KB, text/html		Details

sachin shinde

Reporter

Description

•

12 years ago

Attached image svg apphang/crash dos — Details

firefox version 11 hangs when trying to open attached file.It also crashes after some time. 

tested on -- 

Linux shadowfax 2.6.38-13-generic #57-Ubuntu SMP Mon Mar 5 18:10:14 UTC 2012 i686 i686 i386 GNU/Linux

"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0"

Robert Longson [:longsonr]

Updated

•

12 years ago

Component: Security → SVG

Product: Firefox → Core

QA Contact: firefox → general

Daniel Holbert [:dholbert]

Comment 1

•

12 years ago

The testcase is basically ~500 nested <svg> elements (with some other elements mixed in).

I suspect we're hosed regardless on that sort of content.

In a debug build, we continuously spam this output:
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file ../../../mozilla/layout/base/nsCSSFrameConstructor.cpp, line 3920

From a ~10 second sysprof sample of the hang: we're spending 99% of our time in nsCSSFrameConstructor::ProcessChildren, with 96% of the time spent in nsCSSRuleProcessor::RulesMatching (a few stacklevels down from ProcessChildren)

Daniel Holbert [:dholbert]

Comment 2

•

12 years ago

(also: in my opt build, this testcase got us up to 50% memory usage (4 GB) within a few minutes. I killed it at that point to be sure my system wouldn't become unresponsive.)

Status: UNCONFIRMED → NEW

Ever confirmed: true

Keywords: hang

Hardware: x86 → All

Summary: SVG DOS and crashes → SVG hang (eventual crash) with many nested <svg> elements

Version: 11 Branch → Trunk

Daniel Holbert [:dholbert]

Updated

•

12 years ago

Summary: SVG hang (eventual crash) with many nested <svg> elements → Hang (eventual crash) with many nested <svg> elements

Daniel Holbert [:dholbert]

Updated

•

12 years ago

Keywords: testcase

Jonathan Watt [:jwatt]

Updated

•

11 years ago

Keywords: perf

Jonathan Watt [:jwatt]

Updated

•

11 years ago

Whiteboard: [external-report]

Jonathan Watt [:jwatt]

Updated

•

8 years ago

Keywords: crash

violet.bugreport

Updated

•

5 years ago

Summary: Hang (eventual crash) with many nested <svg> elements → Hang (eventual crash) with many nested <svg> and <use> elements

violet.bugreport

Comment 4

•

5 years ago

Attached file simplified-testcase.html — Details

violet.bugreport

Updated

•

5 years ago

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Hang (eventual crash) with many nested <svg> and <use> elements

Categories

(Core :: SVG, defect)

Tracking

()

People

(Reporter: sachinshinde11, Unassigned)

References

Details

(4 keywords, Whiteboard: [external-report])

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Updated

Comment 1

Comment 2

Updated

Updated

Updated

Updated

Updated

Updated

Comment 4

Updated

Attachment

General

Description

File Name

Content Type